You really only need two ciphers to get to most browsers/clients and good security and speed (replace RSA with ECDSA if needed):
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Example: https://www.ssllabs.com/ssltest/analyze.html?d=theandrewbail...
It baffles me that Mozilla recommends 20 ciphers for their highest security level. I think high security should be more exclusive than that, and with forward secrecy only.
Point 5:
How I imported Let's Encrypt's certificates into a Java keystore:
openssl pkcs12 -export -name yourdomain -in fullchain.pem -inkey privkey.pem -out pubchainpriv.p12
keytool -importkeystore -srcstoretype pkcs12 -srckeystore pubchainpriv.p12 -alias yourdomain -destkeystore /path/to/keystore.jks